Can you get a virus via a virtual machine?

[=MGN=RedEagle]

Hi guys,

If I install linux via a VM on my PC, can a virus travel through the VM and harm my PC? What I I transfer files from my VM to my PC?

Can I infect the VM from the PC by transferring data?


I should mention that you guys are awesome and have been a huge help to me!

 

[AlexT]

Yes and yes. Transfer via file transfer should be obvious if the transferred file is infected. Otherwise it depends on the security of the underlying hypervisor that runs the VM. It's not unheard of that hypervisors (VirtualBox, VMWare, Xen, KVM, ...) have been be exploited, allowing an app to escape the guest and attack the host. Some reads:

http://blogs.gartner.com/neil_macdonald/2011/01/26/yes-hypervisors-are-vulnerable/
http://threatpost.com/virtual-machine-escape-exploit-targets-xen-090612/
http://www.vupen.com/blog/20120904.Advanced_Exploitation_of_Xen_Sysret_VM_Escape_CVE-2012-0217.php
http://vsphere-land.com/news/escaping-the-cave-a-vmware-admins-worst-fear.html

 

[=MGN=RedEagle]

Yes and yes. Transfer via file transfer should be obvious if the transferred file is infected. Otherwise it depends on the security of the underlying hypervisor that runs the VM. It's not unheard of that hypervisors (VirtualBox, VMWare, Xen, KVM, ...) have been be exploited, allowing an app to escape the guest and attack the host. Some reads:

http://blogs.gartner.com/neil_macdonald/2011/01/26/yes-hypervisors-are-vulnerable/
http://threatpost.com/virtual-machine-escape-exploit-targets-xen-090612/
http://www.vupen.com/blog/20120904.Advanced_Exploitation_of_Xen_Sysret_VM_Escape_CVE-2012-0217.php
http://vsphere-land.com/news/escaping-the-cave-a-vmware-admins-worst-fear.html

Thanks for that input. If I move a infected drive from a PC to a linux machine, will that drive infect the linux machine? I figured the vast majority would face compatibility issues.

 

[Adam Howard]

Thanks for that input. If I move a infected drive from a PC to a linux machine, will that drive infect the linux machine? I figured the vast majority would face compatibility issues.

It can. The old myth that (once fact, now myth) that there are no self executing programs in Linux ..... Is a myth today. And viruses can be cross platform as well (same thing can run on Windows, Linux, Apple, Android, iPhone, ect...).

You're better off setting up this virtual PC inside a sandbox and inside another virtual PC.

Off topic:

The evil people that make such things.... They're getting smarter and a lot of people are playing catch up to them.

The most infectiousness computer virus is a firmware that adds its self to all your firmware. It doesn't technically do anything, except add 2 lines of code (hello world) and it wasn't ever released in the wild (thankfully). But it was a good example of things to come.... Imagine having to replace all your hardware, because connecting it to something new means infecting hardware with contact.

 

[EQnoble]

It can. The old myth that (once fact, now myth) that there are no self executing programs in Linux ..... Is a myth today. And viruses can be cross platform as well (same thing can run on Windows, Linux, Apple, Android, iPhone, ect...).

You're better off setting up this virtual PC inside a sandbox and inside another virtual PC.

Off topic:

The evil people that make such things.... They're getting smarter and a lot of people are playing catch up to them.

The most infectiousness computer virus is a firmware that adds its self to all your firmware. It doesn't technically do anything, except add 2 lines of code (hello world) and it wasn't ever released in the wild (thankfully). But it was a good example of things to come.... Imagine having to replace all your hardware, because connecting it to something new means infecting hardware with contact.

Are you talking about firmware rootkits?

 

[Adam Howard]

Are you talking about firmware rootkits?

Something along those lines, yes. The infection was able to apply its self to things which normally you wouldn't be expecting (mouse, keyboard, bios, hard drive, ect...) If it had firmware, even stuff that typically wasn't thought flash-able... It made it.

Think "HIV" for technology.... Make any data exchange of any kind and you were infected.

 

[=MGN=RedEagle]

You're better off setting up this virtual PC inside a sandbox and inside another virtual PC.

So you mean a VM inside a VM? I used virtualbox to run my VM. If I install virtualbox on the ubuntu install within virtual box, should I be quite safe?

 

[=MGN=RedEagle]

I can delete both images once done use and then start again from an older image each time I use it?

 

[Biker]

There are prudent measures and then there's paranoia. Don't fall into the latter. Take your standard precautions, scan your machines regularly, and leave the paranoia at the door.

 

[ManagerJosh]

There is no 100% level of security. There will always be some level of risk by using a computer. At some point it simply becomes cost prohibitive.

The best thing to do is take the most reasonable amount of precautions possible.

 

[=MGN=RedEagle]

Hi guys,

You have been a huge help! Question, is a VM in a VM safer or a separate Ubuntu computer safer? I can afford both. Just want to know which system is better if you want to protect high-value online assets which people are actively trying to hack.

 

[ManagerJosh]

Hi guys,

You have been a huge help! Question, is a VM in a VM safer or a separate Ubuntu computer safer? I can afford both. Just want to know which system is better if you want to protect high-value online assets which people are actively trying to hack.

Exactly how "high value" ?

 

[=MGN=RedEagle]

Exactly how "high value" ?

Not sure I would like to chat about that on a public forum. I think you can understand why . Private message would not help my situation either. We have an on-going threat.

 

[Luke F]

The most infectiousness computer virus is a firmware that adds its self to all your firmware. It doesn't technically do anything, except add 2 lines of code (hello world) and it wasn't ever released in the wild (thankfully). But it was a good example of things to come.... Imagine having to replace all your hardware, because connecting it to something new means infecting hardware with contact.

Literally the only danger of spreading would be in portable hard disks that actually bother to implement firmware updates over usb, and it would be astronomically hard to exploit.

 

[=MGN=RedEagle]

Literally the only danger of spreading would be in portable hard disks that actually bother to implement firmware updates over usb, and it would be astronomically hard to exploit.

I was thinking the same thing. Sure it's not 100% secure, but it's better than any system we have now.

 

[SilverCircle]

Hi guys,

You have been a huge help! Question, is a VM in a VM safer or a separate Ubuntu computer safer? I can afford both. Just want to know which system is better if you want to protect high-value online assets which people are actively trying to hack.

In that case it's probably better to consult / cooperate with a security expert instead of messing around with stuff you do not really understand, because that can be dangerous. Yes, that can cost you quite *some* $$$, because the really good people don't work for peanuts.

 

[Biker]

Literally the only danger of spreading would be in portable hard disks that actually bother to implement firmware updates over usb, and it would be astronomically hard to exploit.

Not necessarily. Read up on Icelord and Mebromi. Both infect your BIOS and MBR.

 

[Fred Sherman]

Don't want to get too deeply into this, but don't think of a virus as a program. Think of a virus as a weapons system. You have delivery and payload. Even the payload can be complex, like a MIRV warhead. The "re-entry vehicle" can be chosen based on an IFDEF conditional in the delivery system, to select it for the proper OS, BIOS, firmware detected.

So yes, not only can a virus in a VM affect the host computer, but also the hypervisor, the BIOS. and other VMs. It can replicate itself via ethernet or the SAN and affect the entire house, office, and/or datacenter. It can leap from to different operating systems. It all depends on the sophistication of the virus. And with many countries actively wngaging in cyberwarfare, viruses are becoming increasingly sophisticated.

 

[=MGN=RedEagle]

Don't want to get too deeply into this, but don't think of a virus as a program. Think of a virus as a weapons system. You have delivery and payload. Even the payload can be complex, like a MIRV warhead. The "re-entry vehicle" can be chosen based on an IFDEF conditional in the delivery system, to select it for the proper OS, BIOS, firmware detected.

So yes, not only can a virus in a VM affect the host computer, but also the hypervisor, the BIOS. and other VMs. It can replicate itself via ethernet or the SAN and affect the entire house, office, and/or datacenter. It can leap from to different operating systems. It all depends on the sophistication of the virus. And with many countries actively wngaging in cyberwarfare, viruses are becoming increasingly sophisticated.

Do you know if they can jump via a wireless router to different computers within the same house?

 

[Fred Sherman]

Do you know if they can jump via a wireless router to different computers within the same house?

Sure. Wireless is still just TCP/IP.